#1764 |
tahoe webapi gives HTTP 410 Gone for files that may actually come back
|
new
|
ChosenOne
|
defect
|
normal
|
soon
|
#622 |
add a 'repair' button on the webapi checker results page
|
assigned
|
Lcstyle
|
enhancement
|
major
|
soon
|
#1091 |
give clearer names to the "create a directory" buttons
|
assigned
|
Lcstyle
|
enhancement
|
minor
|
soon
|
#1728 |
add link to docs/frontends/download-status.rst from the download status page
|
assigned
|
Lcstyle
|
enhancement
|
normal
|
soon
|
#1902 |
WUI: "Download a file" should error on directory
|
assigned
|
Lcstyle
|
defect
|
normal
|
soon
|
#1462 |
add legend to Recent Uploads and Downloads page, explain LIT
|
new
|
T_X
|
defect
|
major
|
soon
|
#386 |
upload status page should show nicknames
|
new
|
akp
|
enhancement
|
minor
|
eventually
|
#2142 |
How to enhance WebUI default security against capability eavesdropping?
|
new
|
amontero
|
enhancement
|
normal
|
undecided
|
#1541 |
Add ?t=xml parameter for getting file statistics
|
new
|
bibilthaysose
|
enhancement
|
normal
|
undecided
|
#568 |
make immutable check/verify/repair and mutable check/verify work given only a verify cap
|
new
|
daira
|
defect
|
major
|
soon
|
#587 |
Web nodes provide ambient upload authority
|
new
|
daira
|
defect
|
major
|
soon
|
#686 |
Search for lost share resulted in a directory popping up at unexpected place
|
assigned
|
daira
|
defect
|
major
|
soon
|
#824 |
WUI pages lack correct XHTML 1.0 Transitional declarations
|
assigned
|
daira
|
defect
|
normal
|
soon
|
#1386 |
KeyError: 'file' if the local file is removed after selection and before Submit
|
new
|
daira
|
defect
|
normal
|
soon
|
#1931 |
WUI: niggles in the new Welcome page
|
new
|
daira
|
defect
|
normal
|
soon
|
#1997 |
Eventually remove disconnected nodes from Welcome page display
|
new
|
daira
|
enhancement
|
normal
|
soon
|
#2003 |
put nickname in <title>
|
assigned
|
daira
|
enhancement
|
normal
|
soon
|
#2093 |
State-mutating GET methods in webapi.
|
new
|
daira
|
defect
|
normal
|
undecided
|
#2117 |
Valid helper makes "Connected to Q of R" irrelevant for upload success
|
new
|
daira
|
enhancement
|
normal
|
undecided
|
#2136 |
Use Content-Security-Policy to harden the WUI
|
new
|
daira
|
defect
|
normal
|
undecided
|
#2143 |
Adding aliases to the WUI
|
new
|
daira
|
enhancement
|
normal
|
undecided
|
#2402 |
serve static files under a common URL
|
assigned
|
daira
|
enhancement
|
normal
|
soon
|
#2720 |
format_http_error leaks the URI
|
new
|
daira
|
defect
|
normal
|
undecided
|
#2724 |
use humanize library
|
new
|
daira
|
defect
|
normal
|
undecided
|
#127 |
Cap URLs leaked via HTTP Referer header
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#554 |
some directory targets in wapi/wui require trailing slashes
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#615 |
Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?
|
assigned
|
davidsarah
|
defect
|
critical
|
soon
|
#677 |
WebAPI: GET /uri/$FILECAP?t=json doesn't return size for mutable files, but the HTML version does
|
assigned
|
davidsarah
|
defect
|
minor
|
soon
|
#679 |
/storage emitting exception - lease reporting code
|
assigned
|
davidsarah
|
defect
|
major
|
undecided
|
#766 |
repair results Summary field says "Unhealthy" even though it is healthy after the repair, if it was unhealthy before
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#821 |
A script in a file viewed through the WUI can obtain the file's read cap
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#827 |
Put file download links ('?save=true') in WUI directory listings
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#884 |
give nice error page when URL is mangled or from the future
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#885 |
Ignore space or %20 in webapi URLs
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#907 |
Stop caps from leaking to phishing-filter servers
|
assigned
|
davidsarah
|
defect
|
minor
|
eventually
|
#918 |
Abstraction violations in web/info.py
|
assigned
|
davidsarah
|
defect
|
minor
|
eventually
|
#922 |
The URL of the info page for an unknown dirnode should not grant authority to the containing directory
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#971 |
"Humanized failures" should still have a traceback, hidden by default
|
assigned
|
davidsarah
|
enhancement
|
major
|
soon
|
#1000 |
add 'Tahoe Explorer' (JavaScript-based UI) to Tahoe
|
assigned
|
davidsarah
|
enhancement
|
major
|
soon
|
#1141 |
Cannot Delete Or Rename Files/Directories With Wacky Names
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#1234 |
UnrecoverableFileError message should say which file it refers to
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#1485 |
web-API: POSTs and GETs should be to distinct URLs
|
assigned
|
davidsarah
|
defect
|
major
|
eventually
|
#1639 |
'Return to file/directory' link from file check results gives an error
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#1649 |
WUI: the error message page for a writeable file/directory nonobviously includes the write cap
|
assigned
|
davidsarah
|
defect
|
major
|
undecided
|
#1859 |
Proof-of-concept attack: Upload and execute attacker controlled js from any domain.
|
new
|
davidsarah
|
defect
|
major
|
undecided
|
#1890 |
submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors
|
assigned
|
davidsarah
|
task
|
normal
|
soon
|
#1895 |
implement replace=false for file upload into a mutable directory
|
new
|
davidsarah
|
defect
|
normal
|
undecided
|
#1898 |
deep check on a non-directory gives unhelpful "400 Bad Request" error
|
assigned
|
davidsarah
|
defect
|
normal
|
soon
|
#1928 |
web redirects should use relative URLs
|
assigned
|
davidsarah
|
defect
|
normal
|
soon
|
#1550 |
new/alternate download visualizer
|
new
|
drewp
|
enhancement
|
major
|
undecided
|
#1912 |
show miniature live view of recent activity right on the front page
|
new
|
drewp
|
enhancement
|
normal
|
undecided
|
#1798 |
Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages
|
new
|
freddyb
|
defect
|
major
|
soon
|
#2385 |
node web server should use DHE/ECDHE suites automatically
|
new
|
j3i
|
enhancement
|
major
|
undecided
|
#366 |
address Nathan Wilcox's concerns about "Tahoe and the browser security model"
|
new
|
nejucomo
|
defect
|
major
|
eventually
|
#674 |
controlled access to your WUI
|
new
|
nobody
|
enhancement
|
major
|
soon
|
#857 |
Make operation-handle-querying use only a little memory
|
new
|
nobody
|
defect
|
major
|
undecided
|
#970 |
webapi PUT via multiple nodes can cause directory corruption but does not report UncoordinatedWriteError
|
new
|
nobody
|
defect
|
minor
|
undecided
|
#995 |
It's way too easy to give away write directory caps
|
new
|
nobody
|
defect
|
major
|
undecided
|
#997 |
The webapi/WUI should have https enabled by default
|
new
|
nobody
|
defect
|
major
|
undecided
|
#1032 |
Display active HTTP upload operations on the status page
|
new
|
nobody
|
enhancement
|
minor
|
eventually
|
#1047 |
Upload failures should report useful HTTP status lines
|
new
|
nobody
|
enhancement
|
major
|
undecided
|
#1142 |
Unlikely XSS Potential in File Names in WUI
|
new
|
nobody
|
defect
|
major
|
undecided
|
#1144 |
Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump
|
new
|
nobody
|
defect
|
major
|
undecided
|
#1203 |
/storage is insufficiently verbose when no crawl running
|
new
|
nobody
|
defect
|
normal
|
eventually
|
#1664 |
webapi fails to handle all TCP disconnects: "Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this."
|
new
|
nobody
|
defect
|
major
|
soon
|
#567 |
add version info to t=JSON output data
|
assigned
|
rvs
|
enhancement
|
major
|
soon
|
#3311 |
Move table layout to template file in download status page
|
new
|
sajith
|
enhancement
|
normal
|
undecided
|
#3371 |
Render post-repair corrupt shares in deep-check-and-repair results page
|
new
|
sajith
|
defect
|
normal
|
undecided
|
#3420 |
Twisted web Resources should "return ErrorPage" instead of "raise WebError"
|
assigned
|
sajith
|
defect
|
normal
|
|
#813 |
string exception raised to web renderer?
|
new
|
somebody
|
defect
|
minor
|
undecided
|
#1136 |
don't run a web-API frontend if you don't need one
|
new
|
somebody
|
enhancement
|
major
|
eventually
|
#1211 |
client should be able to test share placement
|
new
|
somebody
|
enhancement
|
major
|
eventually
|
#1375 |
the performance stats for each upload or download are undiscoverable
|
new
|
tarcieri
|
defect
|
normal
|
undecided
|
#92 |
add upload-status page: progress and to-whom info
|
new
|
warner
|
enhancement
|
minor
|
eventually
|
#430 |
upload/download status: add recently-finished operations
|
new
|
warner
|
enhancement
|
minor
|
eventually
|
#891 |
web gateway memory grows without bound under load
|
new
|
warner
|
defect
|
critical
|
soon
|
#1171 |
add regression test for shnums: "e,r,r,o,r"
|
reopened
|
warner
|
defect
|
normal
|
soon
|
#1434 |
DYHB requests misrendered in download visualization
|
new
|
warner
|
defect
|
major
|
soon
|
#1726 |
new visualizer needs labels with units
|
new
|
warner
|
defect
|
normal
|
soon
|
#1727 |
New Visualizer has layout bug where serverids and other things scribble over each other
|
new
|
warner
|
defect
|
normal
|
soon
|
#2080 |
remove the "experimental" flag on MDMF in the WUI and make it the default
|
new
|
warner
|
enhancement
|
normal
|
soon
|
#1706 |
The "Report!" button in the "Report an Incident" form field redirects to a misleading/incomplete message
|
new
|
zancas
|
defect
|
normal
|
undecided
|
#277 |
make the wui show the underlying LAFS model -- one WUI page per link in LAFS
|
new
|
zooko
|
enhancement
|
major
|
eventually
|
#280 |
get_hash method in webapi for extension caching logic.
|
assigned
|
zooko
|
enhancement
|
minor
|
undecided
|
#691 |
improve WUI directory page according to a new user's first impressions
|
assigned
|
zooko
|
enhancement
|
minor
|
eventually
|
#951 |
uploads aren't cancelled by closing the web page
|
assigned
|
zooko
|
defect
|
major
|
undecided
|
#1173 |
cancelled downloads are marked incorrectly on the Recent Uploads/Downloads page
|
assigned
|
zooko
|
defect
|
major
|
soon
|
#1265 |
New Visualizer is insufficiently labelled/documented (plus layout problem)
|
assigned
|
zooko
|
defect
|
major
|
soon
|
#1903 |
deprecate one of the synonyms "/file/" and "/named/" from the WAPI
|
reopened
|
zooko
|
enhancement
|
normal
|
soon
|
#203 |
add deep-copy function to web API
|
new
|
|
enhancement
|
major
|
eventually
|
#318 |
wapi: test that we return 200 or 201 as appropriate
|
new
|
|
defect
|
major
|
soon
|
#389 |
Implement Web Portal feature.
|
new
|
|
enhancement
|
minor
|
undecided
|
#462 |
PUT should elicit 100 Continue
|
new
|
|
defect
|
major
|
soon
|
#525 |
include platform of each remote peer in the welcome page's known-servers table
|
reopened
|
|
enhancement
|
minor
|
undecided
|
#529 |
Implement Halt and Catch Fire
|
new
|
|
defect
|
major
|
undecided
|
#589 |
JSON link does not work if there is a '#' character in the file name.
|
new
|
|
defect
|
major
|
eventually
|
#770 |
webapi: listen on multiple interfaces/ports
|
new
|
|
enhancement
|
major
|
eventually
|
#2225 |
allow themeing of WUI
|
new
|
|
enhancement
|
normal
|
undecided
|
#2227 |
"format=mutable" in the web API
|
new
|
|
enhancement
|
normal
|
undecided
|
#2302 |
update the Content-Disposition and filename stuff for modern standards and practice
|
new
|
|
defect
|
normal
|
soon
|